From 0c324425b7c6151a59fe85577b74c895c3c85aed Mon Sep 17 00:00:00 2001
From: Kenton Groombridge
Date: Thu, 21 Sep 2023 16:28:02 -0400
Subject: dispatch-conf: copy SELinux labels to merged files

Signed-off-by: Kenton Groombridge
Closes: https://github.com/gentoo/portage/pull/1099
Signed-off-by: Sam James
---
 bin/dispatch-conf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
(limited to 'bin')
diff --git a/bin/dispatch-conf b/bin/dispatch-conf
index 154b26ff5..849be562e 100755
--- a/bin/dispatch-conf
+++ b/bin/dispatch-conf
@@ -12,6 +12,7 @@
 #
 import atexit
+import errno
 import re
 import subprocess
 import sys
@@ -398,6 +399,8 @@ class dispatch:
 mystat = os.lstat(conf["new"])
 os.chmod(mrgconf, mystat[ST_MODE])
 os.chown(mrgconf, mystat[ST_UID], mystat[ST_GID])
+ if "selinux" in portage.settings.features:
+ self.copy_selinux_label(conf["current"], mrgconf)
 newconf = mrgconf
 continue
 elif c == "l":
@@ -434,6 +437,30 @@ class dispatch:
 perform_conf_update_session_hooks("post-session")
+ def copy_selinux_label(self, curconf, newconf):
+ """Copy the SELinux security label from the current config file to
+ the new/merged config file."""
+ try:
+ label = os.getxattr(curconf, "security.selinux")
+ except OSError as e:
+ if e.errno == errno.ENOTSUP:
+ # Filesystem does not support xattrs
+ return
+ writemsg(
+ f"dispatch-conf: Failed getting SELinux label on {curconf}; ignoring...\n",
+ noiselevel=-1,
+ )
+ return
+
+ if label:
+ try:
+ os.setxattr(newconf, "security.selinux", label)
+ except OSError:
+ writemsg(
+ f"dispatch-conf: Failed setting SELinux label on {newconf}; ignoring...\n",
+ noiselevel=-1,
+ )
+
 def replace(self, newconf, curconf):
 """Replace current config with the new/merged version. Also logs the diff of what changed into the configured log file."""
--
cgit v1.2.3-65-gdbad
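Review bot: Mode and ownership on `mrgconf` are taken from `conf["new"]` via `os.lstat`, but the label passed to `copy_selinux_label` is read from `conf["current"]`, and nothing at the call site says why the source differs. If the intent is that a locally adjusted context on the live file should survive the merge, a short comment such as `# label comes from the live file, not the candidate, so local relabeling is kept` would record it. The enclosing branch starts and ends outside the hunk.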
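Review bot: Both failure paths in `copy_selinux_label` discard the `OSError`, so the message cannot tell a policy denial from a file that has no label, and the merged file keeps whatever label it was created with. That file presumably goes on to replace the live config (`replace()` is only partly visible here), so a mislabeled result may change which domains can read it. Put the reason in both messages, e.g. `except OSError as e:` with `f"dispatch-conf: Failed setting SELinux label on {newconf}: {e}; ignoring...\n"`, and mention that the file may need relabeling. `os.getxattr` and `os.setxattr` also follow symlinks by default while the caller uses `os.lstat`; passing `follow_symlinks=False` would keep them consistent if these paths can be symlinks.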